With companies in Asia easy targets for cyberattacks, they must get their responses right when security is breached

It has been a tough few weeks for Hong Kong-listed educational toy maker VTech. Five million customer details were hacked last November through the company’s Learning Lodge app. The attack included the theft of thousands of photos of children. So far, so bad. But cyberbreaches happen all the time and there seems to be a growing resignation to this fact.

READ MORE: VTech’s ‘zero accountability clause’ for hacked or lost data on Learning Lodge app store won’t put it above the law, experts say

What made the VTech situation different? After the breach, the company changed its terms and conditions of use last December, shifting data theft liability away from the company and onto its customers.

In fairness to VTech, they made a call and I respect them for that. Nothing online can be 100 per cent secure. But, looking at the global social media storm that arose in response to their approach, I believe their decision will have implications beyond a few nasty headlines.

There are two questions about cyber risk that every management team must be able to answer in 2016. First, did they do everything they could to prevent the cyberattack they are experiencing? And, second, do they have the resources to fix it fast?

Cyber risk is insidiously becoming one of the greatest corporate vulnerabilities out there. It is an existential threat going to the heart of trust in business through the theft of customers’ personal data, money, or both.

As you are reading this, your company is likely to be under attack. Whether you know it or not. Cyberbreaches tend not to be of the “smash, grab, alarm bells ringing” type. Instead, they often take place stealthily, over long periods of time, with the attacked company being unaware of a breach. That is until it’s too late and the international news media is on the phone.

READ MORE: Hacking of Hong Kong’s VTech may prove worst cybersecurity breach of 2015 in Asia

Corporates in Asia are targeted 40 per cent more than the global average, according to FireEye Inc, a cybersecurity specialist. Law firm DLA Piper estimates that Asian institutions are twice as likely to be targeted. A recent Bloomberg article noted that corporations and governments in the Asia-Pacific region are easier targets because they “invest less in security and share less with regulators and other countries when victimised”. Looking ahead, I’d suggest three priorities for any management team considering cyber risk in 2016.